- 19. By Marc Deslauriers on 2013-02-25
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
patches/91_CVE-2013-1619.diff: avoid timing attacks in
gnutls_cipher.c, lib/gnutls_hash_int.h.
- 18. By Tyler Hicks on 2012-04-04
* SECURITY UPDATE: Denial of service in client application
patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
session data. Based on upstream patch.
* SECURITY UPDATE: Denial of service via crafted TLS record
patches/CVE-2012-1573.patch: Validate the size of a
kCipher structure as it is processed. Based on upstream
- 17. By Jamie Strandboge on 2009-08-14
* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
patches/91_CVE-2009-2730.diff: verify length of CN and SAN
are what we expect and error out if either contains an embedded \0.
This fix required updating _gnutls_hostname_compare() in
x509/rfc2818_hostname.c to support wide wildcard hostname matching.
This is a backward compatible change and only adds additional
matching of hostnames.
- 16. By Jamie Strandboge on 2008-12-05
* Fix for regression where some valid certificate chains would be untrusted
- Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
is self-signed and prevent verifying self-signed certificates against
themselves. Patch from upstream.
lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
- LP: #305264
- 15. By Jamie Strandboge on 2008-11-25
* SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
patches/91_CVE-2008-4989.diff: don't remove the last certificate
if it is self-signed in lib/x509/verify.c
article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
- 14. By Kees Cook on 2008-05-20
* SECURITY UPDATE: multiple remote denial of service.
patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
- 13. By Steve Langasek on 2008-02-22
* Pulled from upstream, by way of Debian:
patches/20_nulltermfix_465197.diff
Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
et al. to not null terminate binary strings and return the proper
patches/21_nulltermfix_465197_part2.diff
corrected string handling in parse_general_name.
- 12. By Martin Pitt on 2007-12-03
* Merge from debian unstable, remaining changes:
- debian/rules: Use clean-la.mk.
- 10. By Andreas Metzler on 2007-09-29
* New upstream version.
* Remove doc/*.info* on clean to allow building thrice in a row.
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)